dirmngr: For CRL issuer verification trust the system's root CA.

* dirmngr/crlcache.c (crl_parse_insert): Add VALIDATE_FLAG_TRUST_SYSTEM. -- GnuPG-bug-id: 6963
author: Werner Koch <[email protected]> 2024-01-26 12:14:14 +0000
committer: Werner Koch <[email protected]> 2024-01-26 12:14:14 +0000
commit: 935b5a49b416590206275ed6adf258c2fe50e295 (patch)
tree: 2b769e31ec3405398ad33c29e578ac505fc158cc
parent: common,w32: Fix use of GNUPG_SPAWN_KEEP_STDERR. (diff)
download: gnupg-935b5a49b416590206275ed6adf258c2fe50e295.tar.gz
gnupg-935b5a49b416590206275ed6adf258c2fe50e295.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c
index 05c506650..cc5300df7 100644
--- a/dirmngr/crlcache.c
+++ b/dirmngr/crlcache.c
@@ -2086,6 +2086,7 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
 
             err = validate_cert_chain (ctrl, crlissuer_cert, NULL,
                                        (VALIDATE_FLAG_TRUST_CONFIG
+                                        | VALIDATE_FLAG_TRUST_SYSTEM
                                         | VALIDATE_FLAG_CRL
                                         | VALIDATE_FLAG_RECURSIVE),
                                        r_trust_anchor);
author	Werner Koch <[email protected]>	2024-01-26 12:14:14 +0000
committer	Werner Koch <[email protected]>	2024-01-26 12:14:14 +0000
commit	935b5a49b416590206275ed6adf258c2fe50e295 (patch)
tree	2b769e31ec3405398ad33c29e578ac505fc158cc
parent	common,w32: Fix use of GNUPG_SPAWN_KEEP_STDERR. (diff)
download	gnupg-935b5a49b416590206275ed6adf258c2fe50e295.tar.gz gnupg-935b5a49b416590206275ed6adf258c2fe50e295.zip